2017 U.S.

State of Cybercrime
www.CSOonline.com
The 2017 U.S. State of Cybercrime Survey, in partnership with Forcepoint, CSO, U.S. Secret Service, and CERT Division of Software Engineering Institute at Carnegie Mellon University 2
Average Number of Incidents Experienced

163.3 161.1
147.8

2015 2016 2017

Q. Please estimate the total number of cybersecurity events experienced by your organization during the past 12 months. AND Q. When compared with 2015, how did
the frequency of cybersecurity events in your organization change in 2016?

The 2017 U.S. State of Cybercrime Survey, in partnership with Forcepoint, CSO, U.S. Secret Service, and CERT Division of Software Engineering Institute at Carnegie Mellon University 3
Threats Are Becoming More Difficult to Detect

92.2
80.6 Days Enterprise 138.3 days
Days
57.6
Days

SMB 62.3 days

2015 2016 2017

Q. On average, how much time passed between the date you believe an intrusion began and the date it was discovered?

The 2017 U.S. State of Cybercrime Survey, in partnership with Forcepoint, CSO, U.S. Secret Service, and CERT Division of Software Engineering Institute at Carnegie Mellon University 4
 Continued Threat from Outside Hackers

Hackers 33%

Current employees 13%

Organized crime 6%

Foreign nation-states 5%

Foreign entities and organizations 5%

Activists/hacktivists 3%

Do not know 24%

Q. Which of the following groups posed the greatest cyber threat to your organization during the past 12 months? AND Q. Of the security incidents you know you
experienced and for which you were able to attribute to an insider, what do you believe were the motivations behind the attacks?

The 2017 U.S. State of Cybercrime Survey, in partnership with Forcepoint, CSO, U.S. Secret Service, and CERT Division of Software Engineering Institute at Carnegie Mellon University 5
Cyber Risks Seen as an IT Issue

49% Whos Responsible?

36% 36%
30%
26%
20% 20%
15% 15%
12%
9% 10%
8% 8%
6%

Risk Committee Full Board of Directors Audit Committee Other None

Overall Enterprise SMB

Q. How do you believe your Board of Directors views cyber risks? AND Q. Which Board Committee is responsible for cybersecurity risk management?

The 2017 U.S. State of Cybercrime Survey, in partnership with Forcepoint, CSO, U.S. Secret Service, and CERT Division of Software Engineering Institute at Carnegie Mellon University 6
Top Sources Relied Upon to Stay Up-To-Date on Cyber News

Cybersecurity websites and emails 75%

Subscription-based services (free) 68%
Peers 54%
Print publications or websites 47%
Industrial trade associations 40%
Subscription-based services (paid) 39%
Government websites & emails (other than DHS) 38%
Department of Homeland Security (DHS) 33%
Information Sharing & Analysis Centers (ISACs) 33%
Information Sharing & Analysis Organizations (ISAOs) 19%
Other 5%
None 6%

Q. Please identify all sources you monitor to keep up with current trends, threats, vulnerabilities, technology, and warnings.

The 2017 U.S. State of Cybercrime Survey, in partnership with Forcepoint, CSO, U.S. Secret Service, and CERT Division of Software Engineering Institute at Carnegie Mellon University 7
Continue the Conversation
To receive a briefing on the full results from this study, or for more information, please
contact your IDG sales executive or contact us.

For more information on content marketing and lead nurture, explore our resources on this
site under marketing tools, or contact us. We have additional primary research, blogs and
white papers to make you smarter about tech decision makers, and targeted products and
programs to help you reach them!

ADDITIONAL WAYS TO STAY ON TOP OF INFORMATION FROM IDG:

To get results from IDG research when it happens,

or any other news, follow us on Twitter: @IDGWorld

Sign up to receive our monthly marketing

newsletter at www.idg.com/newsletter

Visit us on LinkedIn:
https://www.linkedin.com/company-beta/3731/